The Visual Studio March update centers on GitHub Copilot Agent capabilities, introducing custom Agents, reusable skills,
find_symbolsemantic navigation, test performance analysis, and vulnerability remediation. It addresses common team pain points such as inconsistent engineering standards, shallow code understanding, and fragmented optimization workflows. Keywords: Visual Studio, GitHub Copilot, Agent.
Technical snapshot
| Parameter | Details |
|---|---|
| Product | Visual Studio 2026 Insiders |
| Core languages | C++, C#, Razor, TypeScript |
| AI capabilities | GitHub Copilot, Custom Agent, Skills |
| Protocols / extensions | MCP, LSP |
| Primary use cases | Code generation, refactoring, navigation, performance analysis, security remediation |
| Stars | Not provided in the source |
| Core dependencies | GitHub Copilot, language services, NuGet, Test Explorer |
This update moves AI coding assistants into a governable, reusable, and executable stage
The focus of this release is not a simple improvement to autocomplete. Instead, it upgrades Copilot from a conversational assistant into an engineering agent that can plug into the toolchain. It can read repository context, call tools, connect to knowledge sources, and execute tasks under team-defined constraints.
For enterprise teams, the value shows up on three levels: standardizing conventions, reducing context switching, and shifting performance and security work left into daily development. Developers no longer only ask AI “how should I write this?” They can now ask AI to “complete this according to the rules.”
Custom Agents bring team workflows into repository-native configuration
Custom Agents are defined through .agent.md files. Once placed in the repository’s .github/agents/ directory, they can be enabled directly from the Agent selector. Each Agent can bind tools, knowledge sources, model preferences, and execution instructions, making it suitable for building team-specific engineering assistants.
---
name: dotnet-review-agent
description: Code review and remediation guidance for .NET projects
model: gpt-4.1
tools:
- find_symbol # Semantic symbol lookup
- terminal # Run build and test commands
instructions:
- Follow team coding conventions # Core constraint
- Prioritize NuGet vulnerability checks
- Output actionable change recommendations
---This configuration shows how to define a repository-scoped Agent for a .NET project.
AI Visual Insight: The image shows the Agent selection interface in Visual Studio. The key point is that repository-defined Agents have been automatically discovered by the IDE and added to the available list. This confirms that the .github/agents/ directory is integrated with the IDE Agent runtime, allowing developers to switch between Agent configurations based on the task.
The Agent skill mechanism turns scattered prompts into reusable capability modules
Skills provide a more stable organizational model than one-off prompts. Visual Studio automatically discovers skills from .github/skills/ or the user directory ~/.copilot/skills/, and explicitly shows them when activated so developers can clearly understand the active capability boundaries.
This means teams can package code review rules, performance troubleshooting procedures, and release checklists into skill directories and persist them through SKILL.md, rather than relying on personal memory or chat history.
# SKILL.md
name: performance-triage
summary: Identify performance issues on hot execution paths
steps:
- Use profiling tools to collect CPU data # Sample first, then evaluate
- Identify high-cost methods
- Provide low-risk optimization recommendationsThis skill definition shows how to solidify a performance diagnostic workflow into a reusable template.
AI Visual Insight: The image presents the conversation state after a skill is activated. The important detail is that a skill is not treated as an implicit prompt. Instead, it is explicitly attached to the current session context, making it easier for developers to verify that the Agent is executing tasks according to the predefined workflow.
find_symbol elevates Agents from text search to semantic code navigation
find_symbol is the most important engineering capability upgrade in this release. It no longer relies on string matching. Instead, it uses language services to understand symbol declarations, references, scope, and type information. This is especially important for refactoring, cross-file changes, and parameter migrations.
When you ask Copilot to modify a method signature, it can locate every call site instead of replacing text based on guesswork. That makes AI operations in large codebases much closer to real IDE refactoring.
// Before using find_symbol, AI often relies on text-based inference
public void ProcessOrder(int id) // Target method
{
// Core business logic
}
// After using find_symbol, it can locate all references and safely change the signature
public void ProcessOrder(int id, CancellationToken ct)
{
// Add a cancellation token for better async flow control
}This code example demonstrates the direct value of semantic symbol navigation for safe refactoring.
AI Visual Insight: The image shows the code understanding result after the Agent calls a symbol-level tool. It indicates that the system can return symbol definitions, reference chains, and type metadata instead of simple text-search hits. That directly improves the verifiability of AI-driven code changes.
AI Visual Insight: The image further illustrates how find_symbol results are presented inside the IDE. These results usually include reference locations, declaration context, and cross-file navigation, showing that the Agent is deeply integrated with language services and project indexing.
Enterprise MCP governance and security remediation improve control over the AI toolchain
MCP allowlists are a critical control point for adopting AI Agents in enterprise environments. Administrators can use GitHub settings to define which MCP servers are allowed. Any unapproved service is blocked. This reduces the risks of data leakage and compliance issues when connecting external knowledge sources.
Another high-value update is NuGet vulnerability remediation. The IDE can now surface vulnerabilities directly in Solution Explorer, and Copilot can analyze dependency risk and recommend upgraded versions, shortening the time from detection to resolution.
Performance analysis is now embedded into the core test and debugging workflow
Visual Studio turns performance analysis from a separate phase into an action that happens in the normal development flow. In Test Explorer, developers can run Profile with Copilot directly on an individual test, automatically collecting CPU and diagnostic data.
AI Visual Insight: The image shows a new Copilot-powered profiling entry in the Test Explorer context menu. This indicates that performance collection, test execution, and AI recommendations are now connected into a single step, lowering the barrier to using profilers.
During debugging, developers also get real-time performance hints. While stepping through code, they can see timing feedback and immediately ask Copilot for optimization recommendations. This model compresses bottleneck discovery and solution generation into the same interaction loop.
for (int i = 0; i < items.Count; i++)
{
SaveToDatabase(items[i]); // Core bottleneck: row-by-row writes create high latency
}
// Better approach: batch commits or async buffering
await repository.SaveBatchAsync(items); // Reduce I/O round tripsThis example shows why real-time performance hints are especially effective for spotting I/O hotspots inside high-frequency loops.
AI Visual Insight: The image shows inline performance hints inside the debugger and the Copilot-assisted analysis interface. It reflects that runtime timing, CPU, or memory signals are now attached directly to the execution path, making it easier to optimize while debugging.
AI Visual Insight: The image shows vulnerability notifications in Solution Explorer and a “Fix with GitHub Copilot” entry point, indicating that security remediation has evolved from a traditional report-based experience into an actionable dependency governance workflow inside the IDE.
HTML rich-text copy closes the last mile for external engineering communication
With the new HTML rich-text copy feature, code pasted into slide decks, work item systems, or web documentation can retain syntax highlighting and formatting. It may look like a small detail, but in practice it improves the quality of information transfer across development, review, reporting, and collaboration workflows.
For teams that frequently write design docs, incident reviews, and technical proposals, this capability reduces reformatting costs and makes IDE output better suited to modern engineering collaboration tools.
FAQ: The 3 questions developers care about most
Q1: What is the essential difference between a custom Agent and a standard Copilot chat?
A1: A standard chat is mostly temporary and conversational. A custom Agent persists the model, tools, knowledge sources, and team rules inside the repository, giving it reusable, auditable, and collaborative engineering properties.
Q2: Why is find_symbol better suited for refactoring than full-text search?
A2: Because it relies on language services to understand symbol definitions, references, and type relationships. It can identify real call chains and reduce the risk of accidentally changing strings, comments, or unrelated symbols with the same name.
Q3: Which teams should adopt these features first?
A3: Mid-sized and large .NET teams, enterprise engineering organizations that need consistent coding standards, and project teams that care deeply about performance and dependency security will benefit first from custom Agents, performance analysis, and vulnerability remediation.
Core summary
This article systematically breaks down the core capabilities in the Visual Studio March update, including custom Copilot Agents, Agent skills, find_symbol semantic navigation, enterprise MCP governance, test profiling, real-time performance hints, and NuGet vulnerability remediation. Together, these features help teams bring AI coding, performance analysis, and security governance into a unified workflow.